Hi Fabian,
I've just implemented the suggested patch in the develop branch:
http://git-wip-us.apache.org/repos/asf/marmotta/diff/27750cd7
Please, check if the Java Client Library now correctly implements HTTP
Basic Authentication as expected.
Thanks for all your support on debugging and fixing this issue.
Cheers,
On 30/10/14 15:50, Fabian Cretton wrote:
(moved the discussion from user@marmotta to dev@marmotta)
As my last question was "does ImportClient() and HTTPUtil really use the
ClientConfiguration user/pwd to set the HTTP authentication", I did a trial in
HTTPUtil.createPost(), replacing
return new HttpPost(serviceUrl);
by:HttpPost post = new HttpPost(serviceUrl);
String user = config.getMarmottaUser() ;
String pwd = config.getMarmottaPassword() ;
if (user != null && pwd != null) // if a user/pwd is specified, set the
Authentication
{
String credentials = config.getMarmottaUser() + ":" +
config.getMarmottaPassword() ;
try {
String encoded =
DatatypeConverter.printBase64Binary(credentials.getBytes("UTF-8"));
post.setHeader("Authorization", "Basic " + encoded);
} catch (UnsupportedEncodingException e) {
// no logger here, no 'error' is registered
System.out.println("UnsupportedEncodingException") ;
}
}
return post ;
This seems to work. But as I don't master the HTTP authentication, I am not
sure this code is fully correct.
For instance, I do post.setHeader() with a "Basic " string, but I see that Marmotta has a parameter
"security.method" that can be either "BASIC" or "DIGEST". Do we have to take this into
account here ?
Another question:
here I did modified the createPost(), but should other methods be modified as
well ?
Currently, I can use my own code as described earlier, so I am willing to
provide a patch for that only if it is useful for the Marmotta team.
Fabian
"Fabian Cretton" <[email protected]> 28.10.2014 11:32 >>>
Jakob,
Thank you for your answer. So the patch I did was to allow one Marmotta module
that I am developping to call another existing marmotta module, which seems a
common use case for me when developping new modules in this SOA architecture.
Thank you for your proposal that I will try: "decrypt" the auth token and
provide user/passwd via the ClientConfiguration.
But now, here I am back to the current problem if I would like to use
ImportClient(), as the user/pwd passed to ClientConfiguration don't seem to
work.
I would be happy to have a look into that, but I would need your help about the
open question:
"I do see the deprecated methods in
org.apache.marmotta.client.util.HTTPUtil.createClient()
However I don't see anywhere in that createClient() that the user/pwd values are
used ? is it a hidden mechanisme ?"
Is that maybe the current bug: that HTTPUtil.createClient() don't use the user/pwd to set
the "Authorization" header ?
Thank you
Fabian
Jakob Frank <[email protected]> 28.10.2014 11:20 >>>
Hi Fabian,
sorry, I mixed up the two. ClientConfiguration is the right one.
So you want to forward the auth-token you receive on your side to marmotta?
This usecase is currently not covered, the patch you did looks like a possible
solution.
A different approach would be to "decrypt" the auth token and provide
user/passwd via the ClientConfiguration.
Best,
Jakob
Am 27.10.2014 15:11 schrieb "Fabian Cretton" <[email protected]>:
Jakob,
Do we talk here about ClientConfiguration or ConfigurationClient ?
In my understanding ConfigurationClient is a client to access the configuration
of Marmotta whereas I was talking about ClientConfiguration here.
In my code, to call the ImportClient, I am doing:
ClientConfiguration configuration = new ClientConfiguration(marmottaURL, "admin",
"pass123");
configuration.setMarmottaContext(context);
ImportClient importClient = new ImportClient(configuration);
importClient.uploadDataset(is, format.getDefaultMIMEType());
Then, I do see the deprecated methods in
org.apache.marmotta.client.util.HTTPUtil.createClient()
However I don't see anywhere in that createClient() that the user/pwd values
are used ? is it a hidden mechanisme ?
If you can give me more precision I can still look into that, but hopefully I
am not causing you more troubles then help.
But still there is something not clear for me:
Ultimately, I don't want to pass a predefined user/pwd to my
ClientConfiguration in my java code, but I want to use the user/pwd currently
logged on the platform.
This is what I do in the current work-around I described in my first post:
To make it work, I had make my own copy of the method
ImportClient.uploadDataset(), and pass the headerAuth received by my own
webservice to the post object: post.setHeader("Authorization", headerAuth);
Fabian
Jakob Frank <[email protected]> 27.10.2014 13:43 >>>
It is - setting the username/passwd in the ConfigurationClient should
do the trick.
I had a look into
org.apache.marmotta.client.clients.ConfigurationClient and
org.apache.marmotta.client.util.HTTPUtil, this is where I found the
warnings.
We updated HttpClient to 4.3 some time ago which changed the API, but
never followed up with all the usages in marmotta [1].
There are probably to strategies to fix the auth-issue:
* configure the HttpClient for "preemtive auth", so it sends the
auth-header right at the beginning, or
* implement a retry-strategy that reacts on 401 correctly (actually,
IMHO HttpClient should do so automatically)
Best,
Jakob
[1] https://issues.apache.org/jira/browse/MARMOTTA-406
On 27 October 2014 10:50, Fabian Cretton <[email protected]> wrote:
Do you mean that passing the user/pwd to the ClientConfiguration should be
the correct way to do it ?
And, more precisely, where is the use of a deprecated API of HttpClient ?
thanks
Fabian
Jakob Frank <[email protected]> 27.10.2014 09:38 >>>
Hi Fabian,
while looking into the code for the data-import issue, I saw that we
are using a deprecated API of HttpClient - maybe the authentication
issue is related to that.
Would be great if you could have a look into that and maybe provide a patch!
Best,
Jakob
On 24 October 2014 13:56, Fabian Cretton <[email protected]> wrote:
Hi,
In a Marmotta module I am developping, I did use ImportClient to upload
data, and it did work fine.
However, when changing Marmotta's security from "simple" to "restricted",
the ImportClient was failing with a 401.
I did try to pass a user/pwd to the ClientConfiguration(), but the error
persisted (I was passing the user and password as 'clear' strings, for
instance 'admin' and 'pass123').
To make it work, I had make my own copy of the method
ImportClient.uploadDataset(), and pass the headerAuth received by my own
webservice to the post object: post.setHeader("Authorization",
headerAuth);
I thus have two question:
- is that normal that the ImportClient was failing or did I do something
wrong
- if that was normal, would you want a new version of ImportClient that
could handle this ?
thank you
Fabian
--
Sergio Fernández
Partner Technology Manager
Redlink GmbH
m: +43 660 2747 925
e: [email protected]
w: http://redlink.co
